From owner-freebsd-net@freebsd.org  Wed Jul 29 14:36:11 2015
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 242BC9AE166;
 Wed, 29 Jul 2015 14:36:11 +0000 (UTC)
 (envelope-from gnn@neville-neil.com)
Received: from smtp.hungerhost.com (smtp.hungerhost.com [216.38.53.177])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id EF847800;
 Wed, 29 Jul 2015 14:36:10 +0000 (UTC)
 (envelope-from gnn@neville-neil.com)
Received: from cpe-74-73-224-71.nyc.res.rr.com ([74.73.224.71]:50765
 helo=[192.168.0.6])
 by vps.hungerhost.com with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256)
 (Exim 4.85) (envelope-from <gnn@neville-neil.com>)
 id 1ZKSSg-0008Ry-K1; Wed, 29 Jul 2015 10:36:02 -0400
From: "George Neville-Neil" <gnn@neville-neil.com>
To: "Adrian Chadd" <adrian.chadd@gmail.com>
Cc: "Daniel Plominski" <Daniel@plominski.eu>, freebsd-security@freebsd.org,
 "FreeBSD Net" <freebsd-net@freebsd.org>
Subject: Re: remove IPsec SKIPJACK support...
Date: Wed, 29 Jul 2015 10:35:52 -0400
Message-ID: <AD9A5E4B-73C5-46EE-A20D-4260EFC48090@neville-neil.com>
In-Reply-To: <CAJ-VmonhV2oCem4ZDnPdPOzk5H+GxK77VQQVQjJKS_9ZWv-mSA@mail.gmail.com>
References: <20150728005730.GL78154@funkthat.com>
 <1DB60250-D362-4115-92F6-E27B7A5897C3@netgate.com>
 <20150728034157.GO78154@funkthat.com>
 <5E419103-3111-4ADC-A49F-B703BBBC9C5F@netgate.com>
 <20150728060740.GP78154@funkthat.com> <55B768DC.6020009@Plominski.eu>
 <CAJ-VmonhV2oCem4ZDnPdPOzk5H+GxK77VQQVQjJKS_9ZWv-mSA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; format=flowed
Content-Transfer-Encoding: quoted-printable
X-Mailer: MailMate (1.9.2r5107)
X-AntiAbuse: This header was added to track abuse,
 please include it with any abuse report
X-AntiAbuse: Primary Hostname - vps.hungerhost.com
X-AntiAbuse: Original Domain - freebsd.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - neville-neil.com
X-Get-Message-Sender-Via: vps.hungerhost.com: authenticated_id:
 gnn@neville-neil.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jul 2015 14:36:11 -0000

That's fine so long as its removed in HEAD now, and then the warning can =

go into 10 aka 10.3.

Best,
George


On 28 Jul 2015, at 13:25, Adrian Chadd wrote:

> Hi,
>
> I'd put together a deprecation plan, which starts with the kernel
> warning that this stuff is being removed, MFC that to stable/10 and
> stable/9 so people aren't surprised when they upgrade, and then have
> it removed in 11.
>
>
>
> -adrian
>
>
> On 28 July 2015 at 04:34, Daniel Plominski <Daniel@plominski.eu> =

> wrote:
>> instead of code to remove it is a better idea manuals to revise, =

>> people
>> depend on old recommendations like
>> https://www.freebsd.org/doc/handbook/ipsec.html
>>
>> would be better:
>> https://blog.plitc.eu/2014/freebsd-10-ipv4-vpn-relay-ipsec-entryopenvp=
n-middleopenvpn-exit-node-mit-jails/
>>
>> or the racoon example from:
>> https://blog.plitc.eu/2014/freebsd-10-ipv4-ipsec-net-to-net-vpn-in-der=
-jail/
>>
>> best regards
>>
>> Daniel
>>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"